Require extensions to begin with "ext-" and end with ".js" to prevent URL-prompted loading of other files within the extPath.
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2712 eee81c28-f429-11dd-99c0-75d572ba1ddd
This commit is contained in:
@@ -537,6 +537,9 @@ TO-DOS
|
|||||||
var extFunc = function() {
|
var extFunc = function() {
|
||||||
$.each(curConfig.extensions, function() {
|
$.each(curConfig.extensions, function() {
|
||||||
var extname = this;
|
var extname = this;
|
||||||
|
if (!extname.match(/^ext-.*\.js/)) { // Ensure URL cannot specify some other unintended file in the extPath
|
||||||
|
return;
|
||||||
|
}
|
||||||
$.getScript(curConfig.extPath + extname, function(d) {
|
$.getScript(curConfig.extPath + extname, function(d) {
|
||||||
// Fails locally in Chrome 5
|
// Fails locally in Chrome 5
|
||||||
if (!d) {
|
if (!d) {
|
||||||
|
|||||||
Reference in New Issue
Block a user